
Phishing scams are at the top of cyber criminals’ moneymaking lists. It’s disturbing that the important data of organizations such as Sony is under threat from phishing scams. But contrary to the widespread notion, these scams affect small enterprise owners as much as they affect the big corporations.

The Internet Crime Complaint Center (which partners with the FBI) and the National White Collar Crime Center (NW3C) have reported more than 300,000 cases of online phishing scams and other Internet-related crimes.

To give you a better understanding of why your small business is of great value to a cyber criminal, let’s take a look at what exactly phishing is.

What is phishing?

What does “phishing” mean? Phishing is the attempt to gain access to private data, such as financial information, usernames, and passwords. This is done by creating false websites, graphics, email accounts, and phone numbers. The target is convinced, by one method or another, to reveal data that may be used to steal their identity (social security numbers are a popular target). For small businesses, phishing scams may attempt to gain access to customer credit card information.

Examples of small business phishing scams

Thousands of small business owners have received emails from the IRS informing them that they must fill out W-4 forms or other tax forms, and return them via fax. These emails look extremely real, right down to the official IRS government seal. Unfortunately, many owners are afraid that they are going to be audited by the IRS if they don’t take care of it right away.

The IRS states on its website, IRS.gov, that it will not initiate any contact by email and that you should never click any links in an email asking you to send anything to the IRS.

Your company email can be a target

Thieves can gain access to a business by targeting a particular individual with fraudulent emails that convey a professionally sincere image. Most of the time these emails will contain a computer virus or malware, which can infect a company’s entire network and allow thieves to gain access to confidential data.

Phone phishing

There are also a number of “phone phishing scams” where fake messages from your bank, for example, ask you to call a phone number and enter your account information.

How to protect your business against phishing

APWG.org is the Anti-Phishing Work Group, whose objective is to provide wonderful advice on how to ensure your business does not fall victim to phishing. Here are some of their tips:

  • Make sure your employees are aware of what phishing scams are, and are cautious when reading and responding to suspicious emails. Always err on the side of caution. Instead of clicking a link, open another browser window and go to the official website.
  • Never give out company financial information, such as bank routing numbers, in response to an inquiry made via email. Your bank does not need you to confirm your account information; they already have that. An email like that, even if it has your bank’s logo, is a fake. Make it a habit to check your accounts regularly for suspicious charges and withdrawals.
  • Make sure every computer used has up-to-date virus and malware protection. Schedule regular full system scans. Never download “anti-virus” software from an unknown entity. It’s better to stick with trusted brands.

The APWG keeps statistics on phishing scams and offers lots of information on safeguarding your business. Phishing is virtually impossible for law enforcement to stop. The best defense is to educate yourself and your employees on how to identify phishing scams and stay up to date on the latest information.